bolly

Privacy Policy

Last updated: March 13, 2026

1. Who we are

Bolly is operated by Triangle Interactive ("we", "us", "our"). We provide an AI companion platform that runs on dedicated server instances. This policy explains how we collect, use, and protect your information.

2. Information we collect

Account information

When you create an account, we collect your email address and a hashed password. If you subscribe to a paid plan, Stripe processes your payment — we do not store credit card numbers.

Companion data

Your companion instance runs on a dedicated server with its own persistent storage. Conversations, memories, files, and any content you share with your companion are stored on that instance. We do not access, read, or analyze your companion data except when required to provide technical support you explicitly request, or when required by law.

Google account data

If you connect your Google account, we store an OAuth refresh token and access token to enable Gmail, Google Calendar, and Google Drive integrations. These tokens are used solely to perform actions you or your companion initiate (sending emails, reading your calendar, accessing drive files). We do not read, store, or analyze the content of your emails, calendar events, or drive files on our servers — your companion processes this data in real-time on your dedicated instance.

Usage data

We collect basic usage metrics: message counts and token usage per instance for rate limiting and billing. We use server logs for debugging and security. We do not use analytics trackers or third-party tracking scripts.

3. How we use your information

  • To provide and maintain your companion instance
  • To process payments via Stripe
  • To enforce rate limits and prevent abuse
  • To send transactional emails (password resets, billing notifications)
  • To facilitate Google integrations you explicitly authorize

We do not sell your data. We do not use your data to train AI models. We do not share your data with third parties except as described below.

4. Third-party services

  • Fly.io — hosts your companion instances
  • Neon — hosts our account database
  • Stripe — processes payments
  • Cloudflare — DNS and TLS for your subdomain
  • OpenRouter / OpenAI / Anthropic — LLM providers that process your companion's conversations (subject to their respective privacy policies)
  • Google APIs — Gmail, Calendar, and Drive access when you connect your Google account (subject to Google's Privacy Policy)

5. Google API Services User Data Policy

Bolly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to the Google API scopes necessary for the features you use
  • We do not use Google user data for advertising
  • We do not transfer Google user data to third parties except as necessary to provide the service or as required by law
  • We do not use Google user data to train AI models
  • Your Google data is processed on your dedicated companion instance and is not stored on shared infrastructure

6. Data retention

Your account data is retained as long as your account is active. Your companion data is stored on your dedicated instance volume. If you cancel your subscription, your instance is stopped and data is retained for 30 days before deletion. You can request immediate deletion by contacting us.

Google OAuth tokens are deleted immediately when you disconnect your Google account from the dashboard.

7. Data security

All connections are encrypted via TLS. Passwords are hashed. API keys and tokens are stored encrypted at rest. Each companion runs in an isolated container with its own storage volume. We follow industry-standard security practices, but no system is perfectly secure.

8. Your rights

You can:

  • Access, export, or delete your companion data at any time via the companion's tools
  • Disconnect your Google account at any time from the dashboard
  • Delete your account by contacting us
  • Request a copy of your personal data

9. Changes

We may update this policy. Material changes will be communicated via email or a notice on the dashboard.

10. Contact

Questions? Email support@bollyai.dev.